[
https://issues.apache.org/jira/browse/STORM-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15369391#comment-15369391
]
Sriharsha Chintalapani commented on STORM-1096:
-----------------------------------------------
[~revans2]
I think the issue here is incase of a proxy server calling the UI with doAsUser
param.
Also we check impersonation twice it seems once in UI and another in nimbus
https://github.com/apache/storm/blob/master/storm-core/src/clj/org/apache/storm/ui/core.clj#L92
By adding nimbus.impersonation.authorizer in defaults we are going to generate
quite a bit of logs and could be confusing for the users who are not using it
in secure mode. This is already addressed in another JIRA.
I'll remove the double impersonation my side and it should be ok. Few things I
would like to address is
1. remove impersonation check on UI side. Let me know if this is necessary
2. Currently we've groups, hosts and I would like to add users section to
restrict the impersonation to few users.
> UI tries to impersonate wrong user when getting topology conf for
> authorization, impersonation is allowed by default
> --------------------------------------------------------------------------------------------------------------------
>
> Key: STORM-1096
> URL: https://issues.apache.org/jira/browse/STORM-1096
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 0.10.0
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Blocker
> Fix For: 0.10.0
>
>
> We have started using 0.10.0 under load and found a few issues around the UI
> and impersonation.
> The UI when trying to connect to nimbus will impersonate other users.
> Nimbus, by default allows impersonation and just outputs a warning message
> that it is allowed. We really should default to not allowing impersonation.
> having the authorizer configured by default does not hurt when running
> insecure because impersonation is not possible, but when security is enabled
> if someone forgets to set this config we are now insecure by default.
> If you do set all of that up correctly the UI now can impersonate the wrong
> user when connecting to nimbus.
> The UI decides which user to impersonate by pulling it from the request
> context. The requestContext is populated from the HttpRequest when
> assert-authorized-user is called. assert-authorized-user takes a
> topology-conf as a parameter. The only way to get this topology conf is to
> talk to nimbus, which will get the wrong user because the request context has
> not been populated yet.
> This just because a huge pain for users who way too often will not be able to
> see pages on the UI.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
